Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded.

A vulnerability was discovered in pine while parsing and escaping characters of email addresses; not enough memory is allocated for storing the escaped mailbox part of the address. The resulting buffer overflow on the heap makes pine crash. This new version of pine, 4.50, has the vulnerability fixed. It also offers many other bug fixes and new features.

A bug exists in the galeon web browser when using it with EHWM -compliant window managers such as metacity. When galeon is in fullscreen mode, the GNOME panel is below the fullscreen window and is not readable. This update fixes the problem.